CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32138 – WordPress Easy Google Maps plugin <= 1.11.17 - XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2025-32138
04 Apr 2025 — Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17. • https://patchstack.com/database/wordpress/plugin/google-maps-easy/vulnerability/wordpress-easy-google-maps-plugin-1-11-17-xml-external-entity-vulnerability?_s_id=cve • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33926 – WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33926
24 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions. The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to call that function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is ... • https://patchstack.com/database/vulnerability/google-maps-easy/wordpress-easy-google-maps-plugin-1-11-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2526 – Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action
https://notcve.org/view.php?id=CVE-2023-2526
24 May 2023 — The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a... • https://plugins.trac.wordpress.org/browser/google-maps-easy/trunk/classes/frame.php?rev=2777743#L246 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46780 – Easy Google Maps < 1.9.32 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-46780
09 Apr 2022 — The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting El plugin Easy Google Maps de WordPress versiones anteriores a 1.9.32, no escapa del parámetro tab antes de devolverlo a un atributo en el panel de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/cba4ccdd-9331-4ca0-b910-8f427ed9b540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39346 – Google Maps Easy <= 1.9.33 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-39346
01 Nov 2021 — The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. El plugin G... • https://github.com/BigTiger2020/word-press/blob/main/Google%20Maps%20Easy.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •